Skip site navigation (1) Skip section navigation (2)

User privileges-verification required

From: "Nauman Naeem" <nauman(dot)naeem(at)gmail(dot)com>
To: pgsql-hackers(at)postgresql(dot)org
Subject: User privileges-verification required
Date: 2006-02-24 13:25:13
Message-ID: 211765b50602240525j601a7b91o9f10030c9045e132@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-hackers
Hello all,

While playing around with database users, I noticed one odd thing
regarding user privileges.

In case I have only one user in my database who is also the DBSystem
(who carries out initdb), user then if that user takes away his
"createuser" privileges, he is unable to grant himself that privilege
again or grant that privilege to any other user that he creates.This
creates quite a fix since you end up with no superusers, nor a way to
create any other superusers.

In my opinion we should cater for such a situation, and two possible
solutions come to my mind for this:

1. Place a restriction that there should be more than one superuser
before you can issue a "NOCREATEUSER" command.

2 Only the DBsystemuser should be allowed to grant and revoke the
"createuser" privileges.

Let me know what you all think.

Thanks,
Nauman

Responses

pgsql-hackers by date

Next:From: Peter EisentrautDate: 2006-02-24 13:42:55
Subject: Re: User privileges-verification required
Previous:From: Andrew DunstanDate: 2006-02-24 13:06:43
Subject: Re: AC_REPLACE_FUNCS([getaddrinfo]) in 8.1.3

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group